General

  • Target: mage.pdf
  • Size: 594KB
  • MD5: 128db23e1e5c6cd340619efb80c53407
  • SHA1: abca13545adeed1d63a1a59bb858fe1db7ff3633
  • SHA256: 4f7f343f275b5a2aef658777228e00ba60ac1cabec7dd581f711bafc7a8cfe61
  • SHA512: 2401ad743d762509d5104c88944b0f85c26a698c6c53e36dc1711bd97dad479ec90f9bcb7bef8060666a1f14f6a550c51085eaa6ad4eda8f3fc2f75ffc78c843
  • SSDEEP: 12288:dFEa/hpMa4XPityTkzzdnbUZTxrfZ6OUjDGWdOh1rFrGslTS:dFR/hpCXP7ozxbUZT90fv7Oh1rFrGiG

Malware Config

Extracted

  • Family: metasploit
  • Version: windows/reverse_tcp
  • C2: 172.28.13.26:7243

Signatures

  • Metasploit family

  • PDF contains JavaScript

    Detects presence of JavaScript in PDF files.

  • PDF contains one or more embedded files

    Detects presence of embedded files in PDF files.

  • HTTP links in PDF interactive object (1 IoC)

    Detects HTTP links in interactive objects within PDF files.

  • One or more HTTP URLs in PDF identified

    Detects presence of HTTP links in PDF files.

  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • mage.pdf (.pdf)
    • https://fantasy.bnf.fr/fr/albums/fees-magiciens/index.php

  • The_magician.pdf (.exe, windows x86)
    • 481f47bbb2c9c21e108d65f52b04c448